<?php

/* This is the database connection class. All parsing, security, and database
 * queries are done here. */

final class connection {

	private $db;

	function __construct() {
		$this -> db = new mysqli("dehoek.heliohost.org", "zazou_root", "123amsterdam", "zazou_1");
	}

	function setDB($n) {
		$this -> db = new mysqli("dehoek.heliohost.org", "zazou_root", "123amsterdam", $n);
	}

	function authorize($n, $p) {

		$this -> db -> select_db("zazou_1");

		$name = strip_tags($n);
		$password = sha1(strip_tags($p));

		$query = "SELECT role FROM users WHERE user= ? AND password= ?";

		$stmt = $this -> db -> prepare($query);
		$stmt -> bind_param("ss", $name, $password);

		$stmt -> execute();
		$stmt -> bind_result($result);
		$stmt -> fetch();

		if (empty($result)) {
			return -1;
		} else {
			return $result;
		}
	}

	function fetchFeed() {

		$this -> db -> select_db("zazou_1");

		$query = "SELECT * FROM post WHERE id > (SELECT MAX(id) FROM post)-20";
		$stmt = $this -> db -> prepare($query);

		$stmt -> execute();
		$stmt -> bind_result($col1, $col2, $col3, $col4);
		while ($stmt -> fetch()) {
			$c3 = substr($col3, -8, -3);
			$table[] = array($col1, $col2, $c3, $col4);
		}
		return $table;
	}

	function fetchNews() {

		$this -> db -> select_db("zazou_1");

		$query = "SELECT * FROM announcements";
		$stmt = $this -> db -> prepare($query);

		$stmt -> execute();
		$stmt -> bind_result($col1, $col2, $col3, $col4, $col5, $col6);
		while ($stmt -> fetch()) {
			$table[] = array($col2, $col3, $col4, $col5);
		}
		return $table;
	}

	function getHighlight() {
		$this -> db -> select_db("zazou_1");

		$name = strip_tags($n);
		$password = sha1(strip_tags($p));

		$query = "SELECT message FROM home";

		$stmt = $this -> db -> prepare($query);

		$stmt -> execute();
		$stmt -> bind_result($message);
		$stmt -> fetch();
		return $message;
	}

	function post($usr, $msg) {
		$this -> db -> select_db("zazou_1");

		$message = strip_tags($msg);
		$user = strip_tags($usr);

		$lasthour = new DateTime(null, new DateTimeZone('Europe/Amsterdam'));
		$dt = $lasthour -> format('Y-m-d H:i:s');
		date_sub($lasthour, date_interval_create_from_date_string("1 hour"));

		$query = "INSERT INTO post (poster,message,dt)
		VALUES (?, ?, ?)";

		$stmt = $this -> db -> prepare($query);
		$stmt -> bind_param("sss", $user, $message, $dt);

		$stmt -> execute();

		return "post succes.";
	}

	function postAnnouncement($usr, $ttl, $msg) {
		$this -> db -> select_db("zazou_1");

		$message = strip_tags($msg, "<iframe><img><h1><b><i><u>");
		$message = str_replace("[", " ", $message);
		$message = str_replace("]", " ", $message);
		$message = str_replace("<", "[", $message);
		$message = str_replace(">", "]", $message);
		$message = $this -> closetags($message);
		$user = strip_tags($usr);
		$title = strip_tags($ttl);

		$lasthour = new DateTime(null, new DateTimeZone('Europe/Amsterdam'));
		$dt = $lasthour -> format('Y-m-d H:i:s');
		date_sub($lasthour, date_interval_create_from_date_string("1 hour"));

		$query = "INSERT INTO announcements (poster,title,message,dt)
		VALUES (?, ?, ?, ?)";

		$stmt = $this -> db -> prepare($query);

		$stmt -> bind_param("ssss", $user, $title, $message, $dt);

		$stmt -> execute();

		return "post succes.";
	}

	function postPage($msg) {
		$this -> db -> select_db("zazou_1");

		$message = str_replace('"', "`", $msg);
		$message = str_replace("'", "`", $message);
		$message = nl2br($message);
		$message = str_replace("\n", "", $message);
		$message = str_replace("\r", "", $message);
		$message = strip_tags($message, "<iframe><img><h1><b><i><u><img>");
		$message = $this -> closetags($message);

		$lasthour = new DateTime(null, new DateTimeZone('Europe/Amsterdam'));
		$dt = $lasthour -> format('Y-m-d H:i:s');
		date_sub($lasthour, date_interval_create_from_date_string("1 hour"));

		$query = "UPDATE home SET message= ? WHERE id=1";

		$stmt = $this -> db -> prepare($query);

		$stmt -> bind_param("s", $message);

		$stmt -> execute();

		return "post succes.";
	}
	
	function closetags ( $html )
{
    #put all opened tags into an array
    preg_match_all ( "#<([a-z]+)( .*)?(?!/)>#iU", $html, $result );
    $openedtags = $result[1];

    #put all closed tags into an array
    preg_match_all ( "#</([a-z]+)>#iU", $html, $result );
    $closedtags = $result[1];
    $len_opened = count ( $openedtags );
    # all tags are closed
    if( count ( $closedtags ) == $len_opened )
    {
        return $html;
    }
    $openedtags = array_reverse ( $openedtags );
    # close tags
    for( $i = 0; $i < $len_opened; $i++ )
    {
        if ( !in_array ( $openedtags[$i], $closedtags ) )
        {
            $html .= "</" . $openedtags[$i] . ">";
        }
        else
        {
            unset ( $closedtags[array_search ( $openedtags[$i], $closedtags)] );
        }
    }
    return $html;
}

}
?>